Colorado voting machines banned after conspiracy theorist county clerk let unauthorized person in during upgrades—who then published their passwords

Originally published at: Colorado voting machines banned after conspiracy theorist county clerk let unauthorized person in during upgrades—who then published their passwords | Boing Boing

…

So…we can go back to plain old pen and paper ballots now?

Ultimately it comes down to “you have to trust people.” At some point in the voting process, people HAVE to be involved. Either its all paper ballots and people are hand counting it, or its paper ballots with a machine counter that has to be setup to count properly, or it’s electronic ballots cast on machines that need servicing and programming. People have to be trusted. All she proved was you can’t trust her, because she will terminate security and hand over the passwords to prove “the machines are hackable.” Yes, you dipshit, machines that YOU gave the password to can be logged into by someone YOU approved to have access. That’s not a hack, that’s a violation of your duties, for which you should be removed from office and jailed.

Time and again, GQP politicians prove by their actions that they are the ones you can’t trust.

I’m still boggled by the fact that the machines have unalterable factory root [1] passwords. What other security no-nos do they have built in?

[1] I don’t really object to factory hardware passwords as long as they never leave the factory and are unique to each serial number. Giving them out to the purchasers, though …

Lots. GOP projection aside, the voting machine companies’ record on security in a particularly challenging technology use case is so abysmal that XKCD summed it up definitively in one cartoon years ago.

Closed verticals with limited competition are always the worst software by far. Security, features, stability, all terrible. Take a look at the train wreck software your dentist or veterinarian have to use sometime. It’s all awful (I used to support it for my job), so it doesn’t surprise me one bit that voting machine software is bad.

At every election cycle, rightwingnuts try to start a panic about voter fraud. Those should be the first people investigated. The GOP continually demonstrates itself to be the party of hypocrisy, hatred and shameless power grabs.

So in an effort to uncover a consipracy, she basically created her own conspiracy. Except hers was real. Brilliant.

The party of projection?

True, but you want it to be a large number of people, and preferably several people overseeing each step. What you need to avoid is having a few key people who can rig an entire election. 1000 people handcounting ballots are hard to coordinate into a fraud.

Luckily that’s kinda built into the US system. It’s all hyperlocal and decentralized. What this local crackpot did is reprehensible, but ultimately the damage from it wouldn’t have even been a rounding error in the results of a national election.

People like her can do a lot of damage in smaller races though. It’s probably why school boards, sheriffs, and other small elected offices are all mostly shitshows of corruption, minority rule, and toadying.

But in a well-designed system no one person should have to be entrusted with the power to undermine the entire process.

No one person ever is. There was security on the room (she turned it off). There were BIOS password to get passed (she shared them). The data was marked to give clear indications of where it came from and from whom (she… oopsie).

Multiple layers of security, overlapping, multiple ways of preventing this type of fault.

What she proved was if you TRY to do this, you’ll get caught. Thus she reminded everyone the system was more secure than she thought.

It’s a special pen test where the pen stands for penitentiary!

it looks like maybe they are already pen and paper

it sounds like the vote is primarily scantron. then the ballots get scanned, and the counting is done by computers, the results stored and reported via precinct servers

it sounds like there’s a lot of software to analyze and report ( eta: using scanned images ) possibly bad, or hard to understand ballots. which is neat but unless you’re auditing during and after - auditing before ( like the article describes ) is kind of useless from a security perspective… just write your hack so the first n ballots report accurately

not enough states mandate post election audits. but it seems? lots of states have pulled back from electronic voting, and are using electronic counting instead. ( which is a start at least )

I’d be interested to know how such a person ended up in that job.

My guess: she was a conspiracy theorist first, and sought the job thinking she’d be a hero by somehow uncovering The Big Secret. Then when she found out it’s all about boring safeguards and cross-checks to prevent the kind of conspiracy she was interested in, she set out to break the system out of a mixture of spite and lazy incompetence.

I’d call that job security.

So, um… vote tampering is bad,
or, vote tampering is good?

Yeah. Security by obscurity isn’t.